GivingThanks

First Flight #28
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: low
Invalid

Securing Donation Against Repeated Claims by Malicious Actors

Summary

A malicious actor can claim donations repeatedly, as there is no require check.

Vulnerability Details

In the current logic of the donate function, a single user can repeatedly call the function, potentially draining the contract or spamming it with multiple donation calls. This issue arises because there is no mechanism to track donations.

Impact

  • Enables malicious actors to call the donate function as many times as they want.

  • A malicious user can repeatedly call the donate function and could drain the contract funds.

Tools Used

Manual Review

Recommendations

  • Add a mapping to check if the user has already donated.

mapping(address => bool) public hasDonated;
function donate(address charity) public payable {
require(registry.isVerified(charity), "Charity not verified");
+ require(!hasDonated[msg.sender], "You have already claimed");
+ hasDonated[msg.sender] = true; // record the donation so the check above takes effect
}
Updates

Lead Judging Commences

n0kto Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

invalid-multiple-donations

Donors can make several donations, as in real life; they will just pay the gas fee to have several NFTs. No real impact here since the donation amount is stored on the NFT metadata.
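As an added example, not the GivingThanks contract nor the submitter's code: a simplified stand-in for the donate flow the judge describes (each call forwards the full amount to the verified charity and mints a receipt token recording that call's own amount), with a Foundry test showing why repeat calls from one donor only produce more receipts and never leave a drainable balance. Every name except `donate` and `registry.isVerified` is an assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";
// Assumed registry interface: this page only names registry.isVerified(charity).
interface ICharityRegistry {
    function isVerified(address charity) external view returns (bool);
}
// Simplified stand-in for the donate flow, not the GivingThanks contract itself:
// forward the amount to the verified charity, then mint a receipt for this call's amount.
contract DonationReceipts {
    ICharityRegistry public immutable registry;
    uint256 public nextTokenId;
    mapping(uint256 => address) public ownerOf;  // receipt id -> donor
    mapping(uint256 => uint256) public amountOf; // receipt id -> wei donated
    constructor(ICharityRegistry _registry) { registry = _registry; }
    function donate(address charity) external payable {
        require(registry.isVerified(charity), "Charity not verified");
        // Value leaves in the same call, so repeated calls never build up a
        // balance inside this contract that a later caller could drain.
        (bool sent, ) = charity.call{value: msg.value}("");
        require(sent, "Transfer failed");
        uint256 tokenId = nextTokenId++;
        ownerOf[tokenId] = msg.sender;
        amountOf[tokenId] = msg.value;
    }
}
contract MockRegistry is ICharityRegistry {
    mapping(address => bool) public verified;
    function setVerified(address c, bool v) external { verified[c] = v; }
    function isVerified(address c) external view returns (bool) { return verified[c]; }
}
contract RepeatDonationTest is Test {
    function test_repeatDonationsOnlyMintMoreReceipts() public {
        MockRegistry registry = new MockRegistry();
        DonationReceipts receipts = new DonationReceipts(registry);
        (address donor, address charity) = (makeAddr("donor"), makeAddr("charity"));
        registry.setVerified(charity, true);
        vm.deal(donor, 3 ether);
        vm.startPrank(donor);
        receipts.donate{value: 1 ether}(charity); // a second call is legitimate:
        receipts.donate{value: 2 ether}(charity); // the donor just pays more gas
        vm.stopPrank();
        assertEq(receipts.nextTokenId(), 2);     // one receipt per donation
        assertEq(receipts.amountOf(0), 1 ether); // each records its own amount
        assertEq(receipts.amountOf(1), 2 ether);
        assertEq(address(receipts).balance, 0);  // nothing is left to drain
        assertEq(charity.balance, 3 ether);
    }
}
```

Run with `forge test` in a project that has forge-std installed; the assertions encode the judge's reasoning that repeat donations are a feature, not a drain.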
